NHS cyber attack 'should prompt schools to take precautions'

Schools must take precautions to improve their cyber security defences in order to avoid falling prey to the kind of large-scale attacks that struck the NHS earlier this month.

This is according to a number of experts speaking to the education sector publication Schools Week, who said more and more schools are being affected by the type of ransomware viruses that temporarily crippled NHS systems on May 12th.

Ken Corish, online safety director at the education tech charity South West Grid for Learning, said "tens of schools" in the south-west of England alone had been affected over the past year, with some losing thousands of pounds to hackers as a result.

Meanwhile, Steve Proffitt, deputy head of the national cyber crime reporting centre Action Fraud, said: "Schools using old Windows systems are incredibly vulnerable. If systems are susceptible, the virus could go into your finance details and empty your budget for the year."

There are numerous kinds of malicious program that can severely disrupt school systems, but ransomware - which encrypt a computer's data to bar users from accessing it, unless they agree to pay the hackers a ransom - can be particularly damaging.

Mr Corish noted that viruses of this kind do not need to specifically target schools to cause a problem, as they tend to proliferate where defences are weak, in a similar manner to a common cold virus.

As such, the experts said teachers need to be trained to recognise virus attacks and to prevent them by not opening suspicious links or attachments in emails, even if they know the alleged sender.

Schools should have a data protection strategy, with sensitive data backed up off-site or using cloud services, while antiviral and anti-malware software should be purchased and kept up to date.

Finally, a plan of action should be devised in the case of a hack, with infected machines isolated from the rest of the network, before school authorities and parents are notified.